Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

I've said it before and I'll say it again: The security market is always looking for new ways to sell you the same thing they already sold you. The new phony category is anti-bot tools.

When this happened with spyware it somehow happened backwards. In the face of an established market for anti-malware products, known colloquially as anti-virus software, a separate market for anti-spyware developed. Spyware was a somewhat distinct category of malware, but treating it with distinct security software never made sense. As a separate category of software, anti-spyware is still just fading away.

What is a bot, after all? It is the resident -- perhaps dormant -- form of a malware infection. Over the last few years there have been probably tens of thousands of new Trojan horse variants developed, the express purpose of which was to turn a PC into a bot. Everyone knows by now that the more general anti-malware software, like Norton and Symantec Antivirus, do a less than perfect job of keeping up with the new variants, but they do their level best and they block a fair number through generic definitions based on behavior.

Further reading

There was a time-I thought it was still supposed to be that time, but perhaps I didn't get the memo-when you were supposed to be able to count on anti-virus software to detect existing infections on systems. There was a time when you could expect desktop firewalls and IPS products to detect malicious behavior by software installed on the system. Now I guess the time has passed, at least with respect to bots. Now you need a whole new class of software to detect the presence of bots.

The Trend Micro beta product, RUBotted, is free, as the Symantec one was while in beta. They do a relatively simple job, that of monitoring for bot-like behaviors, such as communicating with a command and control (C&C) system. It's all well and good for these companies to offer a free tool that performs these tasks for people with no security software, but what about their existing customers? Why doesn't Symantec Antivirus do this already? Why doesn't Symantec Internet Security do this? (And why don't the Norton consumer versions do it as well? Is it really reasonable to expect customers to buy and manage yet another program?)

It may be fat times for the vendors of anti-malware protection, but if I ran one of these companies I would be in constant fear that the party would be ending soon. Eventually some sort of systemic solution will come along to decrease the instance of malware drastically. Personally, I suspect Vista is it, and even XPSP2 was a big step forward. One day, all the really old systems running the overwhelming majority of the bot population will be taken out of circulation, and the problem will decrease. Until then, the anti-malware industry has to get whatever they can from us.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.